    GitHub feature could lead to massive infections in software supply chains


    GitHub Codespaces is a customizable cloud-based development environment that allows users to debug, maintain, and make changes to a given codebase from a web browser or through integration with Visual Studio Code.

    GitHub Codespaces also comes with a port forwarding feature that allows you to access a web application running on a specific port in the codespace directly from a browser on your local machine for testing and debugging.

    The important point is that a publicly forwarded port lets anyone who knows the URL and port number view the running application without any authentication. GitHub Codespaces also uses HTTP for port forwarding. If a public port is upgraded to use HTTPS, or removed and re-added, its visibility automatically changes to private.

    Security company Trend Micro has discovered that public forwarded ports can be used to create a malicious file server using a GitHub account.

    Environments abused this way are not flagged as malicious or suspicious, even if they serve malicious content (such as scripts, malware, and ransomware), and organizations can treat these events as false positives.

    An attacker can create a codespace, pull malware into it from a domain they control, and make the forwarded port visible to everyone, which effectively turns the application into a web server hosting rogue payloads.

    By scripting these steps, attackers can use GitHub Codespaces to quickly deliver malicious content by publicly opening ports in their codespace environments.

    GitHub said that it is aware of the possibility of abuse, so the platform will show a tooltip when a user tries to connect to the codespace.
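Because downloads from a forwarded port can be dismissed as false positives, defenders can review proxy logs for them explicitly. The sketch below is an added example, not code from Trend Micro or GitHub. It assumes forwarded ports are served from hostnames of the form `<codespace-name>-<port>.app.github.dev` (or the older `.preview.app.github.dev`), which the article does not state, and it uses a constructed log format and illustrative extension and user-agent lists.

```python
import re
import shlex
from urllib.parse import urlsplit

# Assumption (not stated in the article): forwarded ports are served from
# <codespace-name>-<port>.app.github.dev or the older .preview.app.github.dev.
FORWARD_HOST = re.compile(
    r"^(?P<codespace>[a-z0-9-]+)-(?P<port>\d{1,5})\.(?:preview\.)?app\.github\.dev$",
    re.IGNORECASE,
)
# Illustrative lists; tune both to the environment.
RISKY_EXT = (".exe", ".dll", ".msi", ".iso", ".zip", ".ps1", ".sh", ".bat", ".vbs")
SCRIPTED_UA = re.compile(r"^(curl|wget|python-requests|powershell|certutil)", re.IGNORECASE)

# Constructed proxy log: timestamp client method url status "user agent"
SAMPLE_LOG = '''\
2024-03-01T10:00:01Z 10.0.0.5 GET https://dev-app-x7k2-3000.app.github.dev/index.html 200 "Mozilla/5.0 (X11; Linux x86_64)"
2024-03-01T10:02:14Z 10.0.0.9 GET https://someuser-proj-q9w8-8080.preview.app.github.dev/update.ps1 200 "Mozilla/5.0 (Windows NT 10.0)"
2024-03-01T10:03:40Z 10.0.0.9 GET https://someuser-proj-q9w8-8080.preview.app.github.dev/data 200 "curl/8.4.0"
2024-03-01T10:05:02Z 10.0.0.7 GET https://github.com/org/repo/archive/main.zip 200 "curl/8.4.0"
2024-03-01T10:06:30Z 10.0.0.8 GET https://team-api-z1y2-8080.app.github.dev/tool.exe 302 "Wget/1.21"
'''


def find_codespace_downloads(log_text):
    """Return requests to forwarded-port hosts that look like payload delivery."""
    findings = []
    for line in log_text.splitlines():
        try:
            ts, client, method, url, status, agent = shlex.split(line)
        except ValueError:
            continue  # skip blank or malformed lines
        match = FORWARD_HOST.match(urlsplit(url).hostname or "")
        if not match or status != "200":
            continue  # not a forwarded port, or no content was served
        reasons = []
        if urlsplit(url).path.lower().endswith(RISKY_EXT):
            reasons.append("risky-file-type")
        if SCRIPTED_UA.match(agent):
            reasons.append("scripted-client")
        if reasons:
            findings.append({"time": ts, "client": client, "url": url,
                             "port": int(match["port"]), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_codespace_downloads(SAMPLE_LOG):
        print(hit)
```

Ordinary browser traffic to a forwarded port (the first sample line) is left alone; only served content with a risky file type or a scripted client is reported.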

    Author DeepWeb